Subject Re: [firebird-support] Re: Undocumented internal encrypt/decrypt in FB
Author Alexandre Benson Smith
PenWin wrote:
> As I understand it, the main issue here is providing Firebird with
> per-connection encryption key, as it is obviously worthless to build it
> right into the executable, correct? If that is the case, is there any reason
> why a key can't be provided as a part of a password (from 9th character) or
> even database name (e.g. C:\MyApplication\Data.FDB**encryptionkey)? That way
> Firebird itself could reasonably claim security ("we are using
> as-yet-unbroken AES, with the key supplied by the user at connection time")
> and while it wouldn't be perfect, it would certainly be something better
> than the nothing we have now.

What would prevent the same very person to put an alien fbclient.dll
that stores the connection string with the "**encryptionkey" on a txt
file and use isql to open the database with the same connection string ???

> Pepak

Pepak, I got your point, I would like to have all this in place, but I
think you are fooling yourself if you think any of this will give any
real security. Sorry !

see you !

Alexandre Benson Smith
THOR Software e Comercial Ltda
Santo Andre - Sao Paulo - Brazil